Adam and I have been pretty hard on the FTC’s current leadership for pushing to dramatically expand regulation of online data use with little thought to the impact on ad-supported media, while in the next breath opening the door to dramatic expansion of direct government support of media, and all the while seeking sweeping new regulatory powers from Congress.
After all that complaining (and bashing their Soviet Realist-style statue, “Man Controlling Trade”), you might think we had it in for the agency. But as I’ve said repeatedly, we’re actually big fans of the FTC’s core consumer protection mission: holding companies to their promises. (Indeed, we want to make sure they stay focused on that mission, and have the staff, resources and technological tools to pursue it effectively—which might mean, as I’ve pointed out, increased funding rather than increased powers.) We’ve also repeatedly praised the FTC’s efforts to educate kids, parents, and Internet users in general about things like online privacy, advertising, spyware, user empowerment tools, online scams, etc.
But I don’t want to be accused of being only a fair-weather friend of the agency. So I wanted to point out a particularly good concrete example of the FTC doing what we talk about in the abstract: holding companies to their promises. Grant Gross notes that the FTC sent a stern letter earlier this month to the company that is seeking to buy the subscriber info and photos and other assets of the now-defunct XY Magazine, which served primarily gay U.S. teens, warning them that the FTC would hold them to the terms of the privacy policy under which XY collected information from its subscribers.
This is a great example of how the FTC can effectively use its existing authority to protect consumers against clear harms involved in the disclosure of truly sensitive data, sometimes even prophylactically—in this case, outing around 100,000 gay youths and young adults—collected by companies that make unambiguous promises to protect users’ data. This incident also illustrates how privacy law can evolve in an organic fashion from a growing body of such well-justified preemptive warnings, enforcement actions brought against truly bad actors, and ultimately court decisions that decide whether the FTC has properly weighed the interests at stake. In other words, just because we don’t have a privacy code enforced by a Data Protection Authority as in Europe doesn’t mean our legal system doesn’t protect privacy!
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.